A rootkit!?! Could you be mistaken a rootkit is used by a cracker to regain access to your server, you cant just
turn a rootkit off it requires a reinstall of the distrobution as alot of files are overwritten.

Can you give me more information about your so called rootkit? also alittle about your server?

Lunatic! - looks like you've got a problem. Most rootkits are not designed to be removeable - other than with a clean install of the operating system. As a result of your root kit install commands such as ps, ls etc cannot be relied on to give you the correct response. (All part of the ability of a rootkit to try and hide itself).

chkrootkit is one of the more common programs for detecting whether there is traces of a rootkit on your system:

However, the only way to *really* guarantee that you've removed it is to re-install the system from scratch! The reason for this is that many rootkits are 'trojanised' so that 'script kiddies' who don't know what they are doing infect the system not only with the root kit, but also with other trojans as well.

Realistically, you are not going to be able to guarantee removal of the root kit, unless you can look at all the code that has been installed *AND* understand it. Best bet is clean reinstall and recover from backup.

I would strongly recommend you reformat your server because its not going to be fixable :( rootkits replace
alot of binarys such as ps, netstat etc. I would also strongly recommend you go through your websites checking
for malicious code.

Also have a look with rkhunter (http://www.rootkit.nl/) this will help identify the rootkit. Also have a look at: chrootkit and
have a look at this URL:

>I asked my host about this they said it's because of a rootkit running on your server

I'd ask your ISP to clarify this. Is this on your VPS?......or on the server that is hosting your VPS? Either way, you need to 'start again'....but it's pointless starting again if the rootkit is on the server hostign your VPS.

There's a program (a script mostly) that is designed to check for rootkits' existence on
Linux-like systems. It is well known and most comprehensive,download it , compile
and run (see ReadMe inside for exact installation steps, or if you have any problems post them here)www.chkrootkit.org

But most productive would be to first obtain maximum information from the host
- How do they know you have a rootkit ?
- What are the files/programs that they think belong to rootkit?
- Google (or ask here) for any filenames/daemons names they will give
- What logs do they have to help you identify the culprit (when did the compromise happen?
etc. )?

How many times have you wanted to quickly do the same thing to a list but found yourself typing it again and again? I first figured out a small time saver with the up arrow to recall the last command but that can only get you so far if you have a bi…

Little introduction about CP:
CP is a command on linux that use to copy files and folder from one location to another location. Example usage of CP as follow:
cp /myfoder /pathto/destination/folder/
cp abc.tar.gz /pathto/destination/folder/ab…